1. Field of Invention
The present invention relates to information security technology for resisting a power analysis attack, which is made by measuring an amount of power consumed, and for processing information safely and reliably.
2. Description of the Related Art
In recent years, various types of code cracking techniques have been proposed that, when encryption processing is performed in an encryption module realized by hardware or software, use side information of the encryption processing to analyze the encryption key used in that processing.
One example of such a technique is a code cracking method called a timing attack, which finds an encryption key used in encryption processing by exploiting the fact that the amount of time required for encryption processing in an encryption module differs slightly according to the value of the encryption key. Furthermore, code cracking methods called simple power analysis and differential power analysis use the amount of power consumed by the encryption module in encryption processing as side-channel information.
With high-performance measuring devices becoming less expensive in recent years, these code cracking methods are known to be capable of analyzing actual products that are provided with an encryption module, such as IC cards.
Hereinafter, code cracking methods that find an encryption key based on fluctuations in the amount of power consumed by an encryption module in encryption processing as described above, in other words based on a power waveform, are collectively referred to as power analysis attacks. Note that timing attacks are described in detail in Non-Patent Document 1, and power analysis attacks are described in detail in Non-Patent Document 2.
Next, a description is given of simple power analysis of elliptic curve encryption. Note that elliptic curve encryption is described in detail in Non-Patent Document 5, and elliptic ElGamal encryption and the elliptic DSA signature scheme are described in detail in Non-Patent Document 3.